Proposal Title: Collaborative Research: II-New: OpenVMI: A Software Instrument for Virtual Machine Introspection
Institution: Purdue University
Abstract Date: 07/09/09

This project develops OpenVMI, an open-source, software-based research instrument for virtual machine introspection (VMI). VMI is important to certain research areas such as distributed computing, automated system management and configuration, and computer security.

Virtualization technologies have created new momentum for a number of research areas such as distributed computing, automated system management and configuration, and computer security. One basic yet powerful instrumentation function in virtualization-based research is virtual machine introspection (VMI): observing a VM's semantic states and events from outside the VM. VMI is hard to implement, mainly because of the semantic gap between the external and internal observations of the VM. Thus a generic VMI software instrument becomes highly desirable to virtualization researchers.

This project develops and deploys OpenVMI, an open-source, software-based research instrument for VMI, at Purdue University and North Carolina State University. OpenVMI can be thought of as a "fluoroscopic" instrument for VMs. Through the OpenVMI API, a user will be able to obtain the VM's semantic states and events in both kernel and user spaces without modifying or instrumenting the VM.

Three research areas are identified at the PIs' institutions that will benefit from the development and deployment of OpenVMI:

- Management of hosted virtual environments: This research involves monitoring, provisioning and regulating autonomous virtual environments running in a shared distributed hosting infrastructure. OpenVMI will enable non-intrusive, semantic monitoring of VMs, which will trigger VM management operations at runtime such as VM migration, resource adaptation and access control.
- Monitoring, detection and investigation of user-level malware: This research is concerned with OS-level policies and mechanisms for malware detection and investigation. By using OpenVMI, these policies and mechanisms can be moved out of the target VM, achieving stronger tamper-resistance without losing VM observability.
- Monitoring of OS integrity: This research addresses the integrity of the guest OS against kernel-level attacks. It also involves detailed profiling of kernel-level attacks for future detection and recovery. OpenVMI will provide a unique vantage point to observe runtime state changes of kernel objects, which will help reveal details of an OS integrity violation.

Six research projects in the above areas are designated for OpenVMI deployment.

NATIONAL SCIENCE FOUNDATION Proposal Abstract
Proposal: 0855141
PI Name: Xu, Dongyan
Printed from eJacket: 07/25/09